| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Dec 2013 09:27:59 -0200 From: Henrique de Moraes Holschuh <hmh@....eng.br> To: linux-kernel@...r.kernel.org, ibm-acpi-devel@...ts.sourceforge.net Subject: Re: [ibm-acpi-devel] [PATCH] video: backlight: Remove backlight sysfs uevent On Sun, 15 Dec 2013, Andrew Morton wrote: > On Sun, 24 Nov 2013 01:53:11 -0200 Henrique de Moraes Holschuh <hmh@....eng.br> wrote: > > On Sun, 24 Nov 2013, Matthew Garrett wrote: > > > On Sat, Nov 23, 2013 at 10:40:15PM -0200, Henrique de Moraes Holschuh wrote: > > > > On Fri, 22 Nov 2013, Matthew Garrett wrote: > > > > > We have userspace that relies on uevents of type > > > > > BACKLIGHT_UPDATE_HOTKEY. I don't know that we have userspace that relies > > > > > on uevents of type BACKLIGHT_UPDATE_SYSFS. > > > > > > > > Any OSD application would have to rely on both uevent types, or it is broken > > > > (and to test that, just write a level to sysfs and watch the OSD app fail to > > > > tell you about the backlight level change...) > > > > > > Right, OSDs are supposed to respond to keypresses, not arbitrary changes > > > of backlight. If the user's just echoed 8 into brightness, they know > > > they set the brightness to 8 - they don't need an OSD to tell them that. > > > > It is not just the user that sets the brightness. > > > > Still, if you're sure that all userspace users react only to the hotkey type > > of event, removing the sysfs one won't break anything any further. > > > > But it will be *really* annoying the day we revisit this because someone > > started abusing the hotkey uevent and we have to deploy a proper fix (rate > > limiting or switching to a proper event report interface that doesn't use > > uevents). > > > > > BACKLIGHT_UPDATE_HOTKEY is when the firmware itself has changed the > > > brightness in response to a keypress, and so reporting the keypress > > > would result in additional backlight changes. > > > > Yeah, I know that bug quite well, thinkpads were the first victims of > > idiotic feedback event loops caused by braindead userspace. > > I'm not seeing a lot of consensus here and afaict the v2 patch: > > --- a/drivers/video/backlight/backlight.c~drivers-video-backlight-backlightc-remove-backlight-sysfs-uevent > +++ a/drivers/video/backlight/backlight.c > @@ -175,8 +175,6 @@ static ssize_t brightness_store(struct d > } > mutex_unlock(&bd->ops_lock); > > - backlight_generate_event(bd, BACKLIGHT_UPDATE_SYSFS); > - > return rc; > } > static DEVICE_ATTR_RW(brightness); > > will still break userspace which relies on BACKLIGHT_UPDATE_SYSFS > uevents. I see no way we can guarantee that there is no such userspace > so the patch is worrying. > > Should we instead be looking for a way of avoiding this risk? Say, add > a new knob which people can set if they don't want to generate this > event? Ugly, but that's the price we pay for mucking it up originally. Well, either that, or a smart rate limiter with a sane default. It could well be configurable to suppress all events, for the benefit of embedded devices. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists